The last option wasn't hugely attractive, but is probably the least worst. Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access), but it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions. If there are better options then we haven't found them. So, in all probability, this is the approach we'll take. Our first stage bootloader will be signed with a Microsoft key.

(Bolded text is mine)

scorpioofthewoods

06-04-2012 08:19 AM

I admit I don't totally understand all of it, but I don't like it. Playing by MS's rules only encourages them and makes their way seem ligit. This is a really good reason to support Linux vendors and buy your computers from them. Though I do realize a lot of people will want/need Windows atleast for dual boot for various reasons.

TobiSGD

06-04-2012 09:06 AM

There is no money arriving in Microsoft's pocket, the key is bought from Verisign. Microsoft is in here only for one reason. Any board out there that comes with Secure Boot implemented will already have the Microsoft key in the ROMs, so using that key to sign your own bootloader/kernel is the logical thing to do to get maximum compatibility with all boards. This is not playing by Microsoft's rules.
Also, see it from a commercial view. Fedora is a testbed for RHEL. Not long in the future Secure Boot will be a requirement in large companies and Red Hat has to support it or they will have serious problems.